Documentation
¶
Overview ¶
Package userauth verifies the short-lived RS256 JWT the GitLab Rails monolith mints (via Authn::TokenExchange::TokenIssuer).
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type FailReason ¶
type FailReason string
const ( ReasonInvalidToken FailReason = "invalid_token" // ReasonExpired: signature/issuer/claims are valid but the token is past exp. Kept distinct from // invalid_token so consumers can handle an expired token separately from an unverifiable one. ReasonExpired FailReason = "expired" // token can be verified yet. The token itself may be valid — a transient condition. ReasonKeysUnavailable FailReason = "keys_unavailable" )
type GitLabClaims ¶
type GitLabClaims struct {
Origin string
OriginID string
LocalID string
IdentityKind string
OrganizationRole string // optional
}
GitLabClaims is the nested "gitlab" object (ADR-021). LocalID is minted as a JSON number but surfaced as a string.
type Option ¶
type Option func(*options)
func WithFetchErrorHandler ¶
func WithFetchSuccessHandler ¶
func WithFetchSuccessHandler(fn func()) Option
type Verifier ¶
type Verifier struct {
// contains filtered or unexported fields
}
func NewVerifier ¶
type VerifyError ¶
type VerifyError struct {
Reason FailReason
// contains filtered or unexported fields
}
func (*VerifyError) Error ¶
func (e *VerifyError) Error() string
func (*VerifyError) Unwrap ¶
func (e *VerifyError) Unwrap() error
Click to show internal directories.
Click to hide internal directories.